Currently I'm working with a website that will handle a very large amount of data. These data/entries will be stored in an MS SQL Server database. My question is what security techniques can I do to protect the private data from hackers and the like. I have in mind the encryption of the URL to prevent SQL injections, and also encrypting the data that will be entered by the users.

Any form of ideas is greatly appreciated, thank you.

There are reams of security advice but you can avoid the main problems by:


  • Use parameterised queries. Never construct a query by building up a string from user input. This protects you against SQL injection (probably the no. 1 exploit) and it's also faster and more type safe.
  • Don't save passwords in plain text. (Using the default ASP.net Membership/Role system will automatically get this and a whole bunch of other stuff right for you.) This prevents a database hack or leak compromising people's passwords.
  • Don't output unsanitised user input directly into the page stream (to prevent cross-site scripting attacks) – not so relevant for ASP.net as you don't generally make the stream yourself.
  • If you are concerned about in-transit interception of credentials or data, use SSL (i.e. HTTPS).
Comments
RaisKazi 4-Nov-11 9:09am    
Good Points. 5ed.
I think you're referring to encoding user input and not encrypting it.

Some things that spring to mind that you should look out for:

1. Don't trust the user's input. Make sure you validate it (especially strings) and HtmlEncode it if you're going to display it in a web page again
2. Parameterize your queries
3. Make sure the account you're logging onto SQL Server with has the bare minimum in terms of permissions to cover your functionality. You shouldn't need more than db_datareader and db_datawriter by the sound of it
4. Don't store sensitive stuff like a password in a cookie

Find out more here:

http://msdn.microsoft.com/en-us/library/ff648647.aspx
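Both answers come down to the same two habits: keep user input out of the SQL text, and encode it on the way into HTML. The following C# is an added illustration, not code from either answer; it assumes a hypothetical `Users` table with `Username` and `DisplayName` columns and a connection string supplied by the caller.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Web;

// Added example (not from the answers above). Assumes a hypothetical Users table
// with Username and DisplayName columns; connStr is whatever the site already uses.
public static class UserLookup
{
    // The "before" form the first answer warns against: the query text is glued
    // together from raw input, so a quote character in the input rewrites the SQL.
    // Kept here only for comparison; never call it against a real database.
    public static string BuildUnsafeQuery(string username)
    {
        return "SELECT DisplayName FROM Users WHERE Username = '" + username + "'";
    }

    // Parameterised form: the statement text is a constant and the value travels
    // as a typed parameter, so SQL Server never parses user input as SQL. The
    // login used for connStr only needs db_datareader/db_datawriter for this.
    public static string GetDisplayName(string connStr, string username)
    {
        const string sql = "SELECT DisplayName FROM Users WHERE Username = @user";
        using (var conn = new SqlConnection(connStr))
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@user", SqlDbType.NVarChar, 50).Value = username;
            conn.Open();
            object result = cmd.ExecuteScalar();
            return result == null ? null : (string)result;
        }
    }

    // Output encoding, done once at the point the value is written into the page
    // (not when it is stored), so the database keeps the real text and the browser
    // sees <, >, & and quotes as literal characters rather than markup.
    public static string RenderGreeting(string displayName)
    {
        return "<p>Hello, " + HttpUtility.HtmlEncode(displayName) + "</p>";
    }
}
```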
Comments
RaisKazi 4-Nov-11 9:09am    
Good Points. 5ed.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)